Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/A-NLOGTV2UkdDvVfzefoigOELXk.roa
File:                     A-NLOGTV2UkdDvVfzefoigOELXk.roa (raw, json)
Hash identifier:          Ow7CHRQxwi9p0xLBhEOy8rv3MLYW56VAuyBIVj/0KZE=
Subject key identifier:   03:E3:4B:38:64:D5:D9:49:1D:0E:F5:5F:CD:E7:E8:8A:03:84:2D:79
Certificate issuer:       /CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
Certificate serial:       019424455F8AF666F5174A4E555D82A66189
Authority key identifier: 56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/A-NLOGTV2UkdDvVfzefoigOELXk.roa
Signing time:             Wed 01 Jan 2025 23:48:33 +0000
ROA not before:           Wed 01 Jan 2025 23:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     65544
IP address blocks:        45.156.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 06:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:5f:8a:f6:66:f5:17:4a:4e:55:5d:82:a6:61:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
        Validity
            Not Before: Jan  1 23:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=03e34b3864d5d9491d0ef55fcde7e88a03842d79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:af:99:cc:cf:b5:28:15:51:e0:75:93:64:91:
                    ab:ac:c3:56:b9:35:bb:08:0a:32:72:d3:98:d4:45:
                    44:6b:c8:01:e2:1e:d6:b1:93:03:d1:ed:f6:85:89:
                    dc:df:b7:2b:85:43:a6:41:7d:c8:42:8d:04:65:10:
                    b7:68:28:e9:3f:6e:ed:73:1a:8b:0b:96:da:b5:a5:
                    66:a7:d1:34:db:07:64:02:a2:be:76:d9:52:f8:02:
                    18:50:89:13:10:70:b8:9f:91:43:80:26:f0:d7:87:
                    34:5f:c3:a2:75:2d:12:14:a3:73:b1:3d:38:2f:cb:
                    01:e4:88:68:28:25:7c:c3:77:c5:95:f5:52:31:02:
                    e9:06:26:01:cb:48:02:1b:39:56:9f:82:02:14:d9:
                    6e:a1:1e:a1:56:01:ae:90:d4:43:25:23:02:84:c5:
                    2d:06:14:ec:96:84:d9:0d:87:f5:79:6d:d6:55:3d:
                    8f:e7:c3:42:50:c8:ba:77:1f:d8:38:50:a2:91:83:
                    20:08:05:64:5e:3a:fa:24:80:18:04:93:0a:36:da:
                    23:f1:3f:92:43:14:54:39:2a:1b:b9:94:d2:15:1c:
                    35:75:95:50:56:1a:51:20:f6:23:34:9c:d7:d0:cd:
                    8e:f6:5f:6e:a1:25:5e:31:e9:ec:8b:8a:4a:bf:37:
                    94:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:E3:4B:38:64:D5:D9:49:1D:0E:F5:5F:CD:E7:E8:8A:03:84:2D:79
            X509v3 Authority Key Identifier:
                keyid:56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/A-NLOGTV2UkdDvVfzefoigOELXk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:c5:97:7c:b1:1c:1e:0c:5b:fe:c9:e3:6f:fc:42:21:44:1a:
         67:8a:f9:75:20:4d:0f:38:8d:44:af:bd:6f:7f:e3:ef:25:c1:
         6e:6c:cc:fa:a1:de:3e:5d:01:9e:19:11:af:f2:8e:b2:3c:5a:
         ac:7f:16:fa:1e:92:fb:d1:71:f9:08:4e:da:1e:ea:18:b3:f3:
         66:e6:70:33:97:ad:d8:ab:85:dd:16:48:70:23:6b:49:6b:35:
         71:28:53:b3:35:d3:e2:f2:54:e0:d1:c0:90:85:f8:3a:44:93:
         76:ee:f4:75:fb:12:e7:a3:f2:de:88:1b:4a:e9:1f:c9:16:8b:
         2b:51:b4:92:cb:ec:ed:d3:b8:a9:03:b2:f7:e8:c6:ef:f6:16:
         0e:52:fe:58:a3:6e:fb:76:d0:2b:9c:53:aa:2e:c5:1e:00:69:
         39:10:32:c1:e6:24:12:05:0c:98:ba:f1:c2:c1:dd:f3:aa:23:
         35:e8:b8:ae:3e:d4:7e:fa:dc:5f:dd:85:9a:a8:1f:c0:40:3c:
         21:33:8c:3f:6f:9c:0e:fe:d1:56:27:ab:e9:d8:6f:db:8e:22:
         60:57:93:70:03:bf:c9:64:4d:1a:4e:fd:16:00:66:28:be:32:
         39:fd:bb:ca:34:bd:3a:bb:7a:1c:1d:66:59:12:e8:0c:cb:74:
         28:4b:1a:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRV+K9mb1F0pOVV2CpmGJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2OGZlMzVjYzk2MjYzM2EyNzU3YWYxMGEwZTZlOGFiNmQw
MWY0YzkwHhcNMjUwMTAxMjM0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2UzNGIzODY0ZDVkOTQ5MWQwZWY1NWZjZGU3ZTg4YTAzODQyZDc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjK+ZzM+1KBVR4HWTZJGrrMNWuTW7
CAoyctOY1EVEa8gB4h7WsZMD0e32hYnc37crhUOmQX3IQo0EZRC3aCjpP27tcxqL
C5bataVmp9E02wdkAqK+dtlS+AIYUIkTEHC4n5FDgCbw14c0X8OidS0SFKNzsT04
L8sB5IhoKCV8w3fFlfVSMQLpBiYBy0gCGzlWn4ICFNluoR6hVgGukNRDJSMChMUt
BhTsloTZDYf1eW3WVT2P58NCUMi6dx/YOFCikYMgCAVkXjr6JIAYBJMKNtoj8T+S
QxRUOSobuZTSFRw1dZVQVhpRIPYjNJzX0M2O9l9uoSVeMensi4pKvzeUFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAPjSzhk1dlJHQ71X83n6IoDhC15MB8GA1UdIwQY
MBaAFFaP41zJYmM6J1evEKDm6KttAfTJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMt
ODNkNjQ4Zjc5NzQ2LzEvQS1OTE9HVFYyVWtkRHZWZnplZm9pZ09FTFhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMtODNkNjQ4Zjc5NzQ2
LzEvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZwPMA0G
CSqGSIb3DQEBCwUAA4IBAQBAxZd8sRweDFv+yeNv/EIhRBpnivl1IE0POI1Er71v
f+PvJcFubMz6od4+XQGeGRGv8o6yPFqsfxb6HpL70XH5CE7aHuoYs/Nm5nAzl63Y
q4XdFkhwI2tJazVxKFOzNdPi8lTg0cCQhfg6RJN27vR1+xLno/LeiBtK6R/JFosr
UbSSy+zt07ipA7L36Mbv9hYOUv5Yo277dtArnFOqLsUeAGk5EDLB5iQSBQyYuvHC
wd3zqiM16LiuPtR++txf3YWaqB/AQDwhM4w/b5wO/tFWJ6vp2G/bjiJgV5NwA7/J
ZE0aTv0WAGYovjI5/bvKNL06u3ocHWZZEugMy3QoSxr2
-----END CERTIFICATE-----